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When configuring security for your JIRA instance, there are two 
areas to address: 


¢ permissions within JIRA itself 
¢ security in the external environment 


Configuring permissions within JIRA 


JIRA has a flexible security system which allows you to configure 
who can access JIRA, and what they can do/see within JIRA. 


There are five types of security within JIRA: 


1. Global permissions — these apply to JIRA as a whole (e.g. 
who can log in). 

2. Project permissions — organised into permission 
schemes, these apply to projects as a whole (e.g. who can 
see the project's issues ('Browse' permission), create, edit 
and assign them). 

3. Issue security levels — organised into security schemes, 
these allow the visibility of individual issues to be adjusted, 
within the bounds of the project's permissions. 

4. Comment visibility — allows the visibility of individual 
comments (within an issue) to be restricted. 

5. Work-log visibility — allows the visibility of individual work- 
log entries (within an issue) to be restricted. Does not 
restrict visibility of progress bar on issue time tracking. 
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On this page: 


e Configuring permissions within JIRA 
« Diagram: People and permissions 
e Configuring security in the external 
environment 
e Other security resources 


In this section: 


e Configuring Issue-level Security 

e Managing Project Permissions 

e Managing Project Roles 

e Managing Global Permissions 

¢ Configuring Secure Administrator 
Sessions 

e Preventing Security Attacks 

e JIRA Cookies 

e JIRAAdmin Helper 

e Password Policy for JIRA 
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Diagram: People and permissions 
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Configuring security in the external environment 


If your JIRA instance contains sensitive information, you may want to configure security in the environment in which your 
JIRA instance is running. Some of the main areas to consider are: 


jal Unknown macro: 'conditionaltext' | 


e File system — you should restrict access to the following directories (but note that the user which your JIRA 
instance is running as will require full access to these directories): 
e Index directory 
e Attachments directory 


Other security resources 
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Securing JIRA with Apache HTTP Server 
JIRA Cookies 

User and Group Management 

Tomcat security best practices 

Security Advisories 

Configuring project specific security 


Configuring Security 


security ssl permissions — security-resources 
Powered by a free Atlassian Confluence Open Source Project License granted 
to NORTH TECOM . Evaluate Confluence today. 


This Confluence installation runs a Free Gliffy License - Evaluate the Gliffy 
Confluence Plugin for your Wiki! 
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